
Notes on CVE assessment

22 Mar 2024 • security

This post collects some notes about the lifecycle of vulnerabilities. It also discusses the challenges I faced during the assessment process: from the need to keep the analysis consistent to the limits of the CVSS base score.

Changes and improvements in CVSS 4.0

14 Mar 2024 • security

The CVSS Special Interest Group (SIG) recently released the new 4.0 version of CVSS. This post outlines the changes and the improvements in CVSS 4.0. These notes originate from the CVSS 4.0 public preview presentations.

Techniques for fuzz testing

5 Dec 2022 • security Distributed Systems fuzzing etcd fuzz

Fuzz testing is a broad topic with many approaches and strategies. This post summarizes some techniques for fuzz testing and the lessons I have learned. It also goes through some fuzz tests running on some cloud-native foundation projects, such as etcd.

Written and maintained by Samuele Resca